Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-2314 | Improper Input Validation vulnerability in Mozilla 1.0 Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail. | 5.0 |
| 2002-12-31 | CVE-2002-2260 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in the quips feature in Mozilla Bugzilla 2.10 through 2.17 allows remote attackers to inject arbitrary web script or HTML via the "show all quips" page. | 4.3 |
| 2002-12-31 | CVE-2002-2013 | Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | 5.0 |
| 2002-08-12 | CVE-2002-0810 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails. | 5.0 |
| 2002-08-12 | CVE-2002-0805 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | 4.6 |
| 2002-08-12 | CVE-2002-0803 | Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16 Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi. | 5.0 |
| 2002-06-25 | CVE-2002-0354 | The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property. | 5.0 |
| 2002-06-18 | CVE-2002-0594 | Local File Detection vulnerability in Netscape/Mozilla/Galeon Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect. | 5.0 |
| 2002-01-31 | CVE-2002-0011 | Unspecified vulnerability in Mozilla Bugzilla Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. | 5.0 |
| 2002-01-31 | CVE-2002-0009 | Unspecified vulnerability in Mozilla Bugzilla show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. | 5.0 |